During 2016, we witnessed the collapse of three major exploit kits that had previously been used for mass malware delivery: first Nuclear, then Angler and later Neutrino. Along with other, more private EKs (such as Magnitude), they caused major damage in previous years and served as infection vectors for many malware-distribution campaigns. Continue reading “Exploit Kits Out, Loaders and Macros Back in”
We are very proud to announce our partnership with EclecticIQ, the industry-leading builder of analyst-centric technologies that turn cyber threat intelligence into business value.
In the partnership, SenseCy will deliver its unique cyber intelligence Continue reading “EclecticIQ Partners with SenseCy to Bring Leading Cyber Threat Intelligence Technology to the Israeli Cyber Community”
The following is an excerpt from the report. To receive a copy, please send a request to: email@example.com
2016 has been replete with an unprecedented volume of cyber events of varying impact and future significance. From our perspective, on account of our persistent presence and active participation in discussions Continue reading “SenseCy 2016 Annual CTI Report”
Written by Mickael S. and Tanya K.
Last week, SenseCy analysts happened upon a new sample of Shade ransomware, also known as Troldesh, which uses a no_more_ransom extension for encrypted files. This ransomware is far from famous, lacking the glorious Continue reading “The Shade (Troldesh) Ransomware: One More Soldier in the Army of Encryption Miscreants”
Insiders pose the most substantial threat to organizations everywhere, as a recent comprehensive study conducted by IBM demonstrates. Although in the majority of cases the insider is an employee of the company, they could also be a third party, such as an external contractor, a consultant or a business partner. An insider generally has all the Continue reading “Insider Threats – Sometimes it is your Colleagues, and not Remote Attackers”
While monitoring closed platforms that propagate an Islamic State agenda, we detected an initial interest in hacking lessons, focusing on spam and phishing methods. Many discussions in the technical sections of closed platforms affiliated with the Islamic State deal with the implementation of Continue reading “Jihadi Cybercrime (Increasing Interest in Spam and Phishing Methods on Closed Islamic State Platforms)”
On October 12, 2016, Anonymous Italia launched a cyber offensive against the Polizia Penitenziaria (the Italian penitentiary police) to protest against the “unjust” acquittal of all those involved in the Stefano Cucchi trial. Cucchi was a young Italian citizen who died in 2009, under still unclear circumstances, a week after being remanded in custody by the Italian police for alleged drug dealing. Continue reading “Anonymous Italia Robs the Police (Again)”
The Mirai IoT Botnet has made a lot of headlines in recent weeks. While the botnet itself was analyzed and discussed by a number of security researchers and companies, none addressed the threat actor behind the recent attacks and the leak of Mirai source code. Such an analysis can provide useful insights into Continue reading “Anna-senpai – Analysis of the Threat Actor behind the Leak of Mirai”
In early September 2016, a new advertisement appeared on various Darknet platforms, promoting a new hidden service. The service, dubbed Open Hacking Lab (OHL), offers three categories of products: hacking tools and resources; hacked credentials; and services. While numerous hidden services on the Darknet sell hacked credentials, this is the first time we have observed the sale of administrator credentials for Office 365 accounts.
Microsoft Office 365 is a software package that includes cloud services, sold to corporate and private customers. The organizational package includes email, storage, social networking, SharePoint and other services delivered via the cloud. Acquiring administrator access to an organization that uses Office 365 gives a potential attacker access to sensitive organizational information and may even lead to the threat actor gaining full control over the organization’s network.
Currently, 12 accounts are being offered for sale, with prices ranging from $15 for a logistics company account to $100 for a law firm. For each company, the seller provides a short description of the company, its country of origin, and which data the buyer will gain access to. Eight of these companies are based in the U.S., two in Europe and two in Canada.
The operator of the hidden service is a well-known actor in several communities on the Darknet; he is considered credible and possesses high technical skills. The hidden service owner also runs a Twitter account dedicated to the service, where he posts updates about the platform and its products.
Hacktivists are threatening to launch #OpClosedMedia, a month-long cyber campaign against websites and platforms of “mainstream media,” on September 22, 2016, for failing to inform the public about the real news.
The campaign’s official target list includes the websites of the BBC, The Daily Mail, The Independent, Reuters, Channel One (Russia) and others.
Thus far, participants have claimed responsibility for hacking several websites related to the media sector from around the world, but they also claimed to have hacked other websites with a loose connection to this sector.
This is not the first time that the media sector has been targeted by hacktivists. In June 2016, the Ghost Squad Hackers group launched the #OpSilence campaign against prominent news agencies, such as Fox News and CNN, protesting against what they called the “silence and lies” regarding the Palestinian situation. However, it seems that the Ghost Squad Hackers are not involved in this campaign.
In conclusion, popular news platforms and the media sector in general are being targeted by hacktivists who wish to shut them down. Only time will tell whether they will succeed.